← Back

CVE-2016-8580

nvd nist
Published: Oct 28, 2016Modified: May 6, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.

Affected (2)

Alienvault
2 products
Open Source Security Information And Event Management
Unified Security Management
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Open Source Security Information And Event Management
Up to 5.3.1
Unified Security Management
Up to 5.3.1

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.